...
- Stabilized and cleaned up the security-related LDAP injection prevention that was introduced in 5.0.0 and patched in 5.0.2. The escaping logic, which still had some known issues after the patch, has been rewritten and now follows the escaping rules in RFC 4515 (https://www.rfc-editor.org/rfc/rfc4515.txt) and RFC 2253 (http://www.ietf.org/rfc/rfc2253.txt).
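
The two RFCs named above define different escaping for different contexts: RFC 4515 for values placed in a search filter, RFC 2253 for values placed in a distinguished name. The sketch below is an added example, not the product's own code; the function names, the `uid`/`objectClass` filter layout and the base DN are assumptions chosen for illustration.

```python
# Added illustration of context-specific LDAP escaping; all names are hypothetical.

# RFC 4515 section 3: these characters must appear as \XX (hex) in a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# RFC 2253 section 2.4: characters that must be backslash-escaped in a DN value.
_DN_SPECIALS = set(',+"\\<>;')


def escape_filter_value(value: str) -> str:
    """Escape untrusted input used as an assertion value in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape untrusted input used as an attribute value inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:                  # leading '#' would mean hex-encoded value
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):   # leading/trailing space is significant
            out.append("\\ ")
        elif ch == "\x00":                          # hex-pair form, which RFC 2253 permits
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def build_user_filter(username: str) -> str:
    # Filter context: use the RFC 4515 escaper, never the DN one.
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def build_user_dn(username: str, base: str = "ou=people,dc=example,dc=com") -> str:
    # DN context: use the RFC 2253 escaper; the base DN is a constructed sample.
    return f"uid={escape_dn_value(username)},{base}"
```

Neither escaper is a substitute for the other: a comma passes through the filter escaper unchanged and an asterisk passes through the DN escaper unchanged, so each value must be escaped for the context it ends up in.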
Changes in 5.9.1
15:30 CET
Security update and OIDC+SAML bug fixes
Security patches
- Update org.eclipse.jetty to patch CVE-2022-2047
Bug fixes
- Obfuscate client secret text that was visible via inspect element on the /idp-integration page.
- IDP metadata URL wasn’t always properly persisted after the setup wizard.